English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.842807
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3019-1)
Summary:The remote host is missing an update for the 'linux-lts-utopic' package(s) announced via the USN-3019-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-utopic' package(s) announced via the USN-3019-1 advisory.

Vulnerability Insight:
Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with administrative privileges.
(CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4482)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel
could be coerced into overwriting kernel memory. A local unprivileged
attacker could use this to possibly gain administrative privileges on
systems where InifiniBand related kernel modules are loaded.
(CVE-2016-4565)

Kangjie Lu discovered an information leak in the timer handling
implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)

Kangjie Lu discovered an information leak in the X.25 Call Request handling
in the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4580)

It was discovered that an information leak exists in the Rock Ridge
implementation in the Linux kernel. A local attacker who is able to mount a
malicious iso9660 file system image could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2016-4913)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling
IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to
cause a denial of service (system crash) or obtain potentially sensitive
information from kernel memory. (CVE-2016-4998)

Affected Software/OS:
'linux-lts-utopic' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4482
BugTraq ID: 90029
http://www.securityfocus.com/bid/90029
Debian Security Information: DSA-3607 (Google Search)
http://www.debian.org/security/2016/dsa-3607
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html
http://www.openwall.com/lists/oss-security/2016/05/04/2
SuSE Security Announcement: SUSE-SU-2016:1672 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:1690 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:1696 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
SuSE Security Announcement: SUSE-SU-2016:1985 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:1641 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://www.ubuntu.com/usn/USN-3016-1
http://www.ubuntu.com/usn/USN-3016-2
http://www.ubuntu.com/usn/USN-3016-3
http://www.ubuntu.com/usn/USN-3016-4
http://www.ubuntu.com/usn/USN-3017-1
http://www.ubuntu.com/usn/USN-3017-2
http://www.ubuntu.com/usn/USN-3017-3
http://www.ubuntu.com/usn/USN-3018-1
http://www.ubuntu.com/usn/USN-3018-2
http://www.ubuntu.com/usn/USN-3019-1
http://www.ubuntu.com/usn/USN-3020-1
http://www.ubuntu.com/usn/USN-3021-1
http://www.ubuntu.com/usn/USN-3021-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-4565
BugTraq ID: 90301
http://www.securityfocus.com/bid/90301
http://www.openwall.com/lists/oss-security/2016/05/07/1
RedHat Security Advisories: RHSA-2016:1277
https://access.redhat.com/errata/RHSA-2016:1277
RedHat Security Advisories: RHSA-2016:1301
https://access.redhat.com/errata/RHSA-2016:1301
RedHat Security Advisories: RHSA-2016:1341
https://access.redhat.com/errata/RHSA-2016:1341
RedHat Security Advisories: RHSA-2016:1406
https://access.redhat.com/errata/RHSA-2016:1406
RedHat Security Advisories: RHSA-2016:1489
http://rhn.redhat.com/errata/RHSA-2016-1489.html
RedHat Security Advisories: RHSA-2016:1581
http://rhn.redhat.com/errata/RHSA-2016-1581.html
RedHat Security Advisories: RHSA-2016:1617
http://rhn.redhat.com/errata/RHSA-2016-1617.html
RedHat Security Advisories: RHSA-2016:1640
http://rhn.redhat.com/errata/RHSA-2016-1640.html
RedHat Security Advisories: RHSA-2016:1657
http://rhn.redhat.com/errata/RHSA-2016-1657.html
RedHat Security Advisories: RHSA-2016:1814
http://rhn.redhat.com/errata/RHSA-2016-1814.html
SuSE Security Announcement: SUSE-SU-2016:1961 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
SuSE Security Announcement: SUSE-SU-2016:1994 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:1995 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:2000 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
SuSE Security Announcement: SUSE-SU-2016:2001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html
SuSE Security Announcement: SUSE-SU-2016:2002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
SuSE Security Announcement: SUSE-SU-2016:2003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:2005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:2006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:2007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:2009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:2010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:2011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html
SuSE Security Announcement: SUSE-SU-2016:2014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
http://www.ubuntu.com/usn/USN-3001-1
http://www.ubuntu.com/usn/USN-3002-1
http://www.ubuntu.com/usn/USN-3003-1
http://www.ubuntu.com/usn/USN-3004-1
http://www.ubuntu.com/usn/USN-3005-1
http://www.ubuntu.com/usn/USN-3006-1
http://www.ubuntu.com/usn/USN-3007-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4569
BugTraq ID: 90347
http://www.securityfocus.com/bid/90347
http://www.openwall.com/lists/oss-security/2016/05/09/17
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4578
BugTraq ID: 90535
http://www.securityfocus.com/bid/90535
https://www.exploit-db.com/exploits/46529/
http://www.openwall.com/lists/oss-security/2016/05/11/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-4580
BugTraq ID: 90528
http://www.securityfocus.com/bid/90528
http://www.openwall.com/lists/oss-security/2016/05/10/12
Common Vulnerability Exposure (CVE) ID: CVE-2016-4913
BugTraq ID: 90730
http://www.securityfocus.com/bid/90730
http://www.openwall.com/lists/oss-security/2016/05/18/3
http://www.openwall.com/lists/oss-security/2016/05/18/5
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
Common Vulnerability Exposure (CVE) ID: CVE-2016-4997
1036171
http://www.securitytracker.com/id/1036171
40435
https://www.exploit-db.com/exploits/40435/
40489
https://www.exploit-db.com/exploits/40489/
91451
http://www.securityfocus.com/bid/91451
DSA-3607
RHSA-2016:1847
http://rhn.redhat.com/errata/RHSA-2016-1847.html
RHSA-2016:1875
http://rhn.redhat.com/errata/RHSA-2016-1875.html
RHSA-2016:1883
http://rhn.redhat.com/errata/RHSA-2016-1883.html
SUSE-SU-2016:1709
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html
SUSE-SU-2016:1710
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html
SUSE-SU-2016:1937
SUSE-SU-2016:1985
SUSE-SU-2016:2018
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html
SUSE-SU-2016:2105
SUSE-SU-2016:2174
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
SUSE-SU-2016:2177
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
SUSE-SU-2016:2178
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
SUSE-SU-2016:2179
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
SUSE-SU-2016:2180
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
SUSE-SU-2016:2181
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
USN-3016-1
USN-3016-2
USN-3016-3
USN-3016-4
USN-3017-1
USN-3017-2
USN-3017-3
USN-3018-1
USN-3018-2
USN-3019-1
USN-3020-1
[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
http://www.openwall.com/lists/oss-security/2016/06/24/5
[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call
http://www.openwall.com/lists/oss-security/2016/09/29/10
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bugzilla.redhat.com/show_bug.cgi?id=1349722
https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt
https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
openSUSE-SU-2016:2184
Common Vulnerability Exposure (CVE) ID: CVE-2016-4998
RHSA-2017:0036
http://rhn.redhat.com/errata/RHSA-2017-0036.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
https://bugzilla.redhat.com/show_bug.cgi?id=1349886
https://github.com/torvalds/linux/commit/6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
CopyrightCopyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.